HijackThis report for vbstat-c - Virus/Spywares - Windows & Software
Marsh Posted on 10-06-2007 at 00:25:11
XIX. Regarding HijackThis logs: from now on, any topic created for the sole purpose of dumping a HijackThis log for analysis will be systematically closed. To analyse logs, the site http://www.hijackthis.de/fr is perfect.
HijackThis logs will be tolerated only after a proper description of the problem, and a first analysis/diagnosis/troubleshooting by the other forum members.
Marsh Posted on 10-06-2007 at 00:21:23
Hi
I'm also infected with vbstat-c, which keeps coming back.
I've read the procedures and I'm posting my VundoFix and HijackThis reports so you can help me.
Thanks
VundoFix V6.4.2
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 23:32:22 09/06/2007
Listing files found while scanning....
VundoFix V6.4.2
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 23:49:33 09/06/2007
Listing files found while scanning....
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\mhntupvo.ini
C:\WINDOWS\system32\ovputnhm.dll
C:\WINDOWS\system32\pmnomki.dll
C:\WINDOWS\system32\ugrqkmeo.dll
C:\WINDOWS\system32\urqrrqq.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\geede.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mhntupvo.ini
C:\WINDOWS\system32\mhntupvo.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ovputnhm.dll
C:\WINDOWS\system32\ovputnhm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnomki.dll
C:\WINDOWS\system32\pmnomki.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ugrqkmeo.dll
C:\WINDOWS\system32\ugrqkmeo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqrrqq.dll
C:\WINDOWS\system32\urqrrqq.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.4.2
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 00:07:58 10/06/2007
Listing files found while scanning....
No infected files were found.
Logfile of HijackThis v1.99.1
Scan saved at 00:17:58, on 10/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Logiciels\Avast\aswUpdSv.exe
E:\Logiciels\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\LOGICI~1\Avast\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
E:\Logiciels\Alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\Logiciels\Avast\ashMaiSv.exe
E:\Logiciels\Avast\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\Scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Logiciels\Adobe reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {535524B7-4E08-49F9-8673-96991CE26F1B} - C:\WINDOWS\system32\geede.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\LOGICI~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {711980C2-8C7F-4C55-A742-25659CD1C442} - C:\WINDOWS\system32\urqrrqq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\mxlhbgwm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] E:\LOGICI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [j7271832] rundll32 C:\WINDOWS\system32\j7271832.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ovputnhm.dll",realset
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\LOGICI~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\LOGICI~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 4193743579
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1734776-8566-4B4B-889B-82DEC2C9A040}: NameServer = 192.168.1.1,213.36.80.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Logiciels\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Logiciels\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Logiciels\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Logiciels\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Logiciels\Alcohol\Alcohol 120\StarWind\StarWindService.exe
Over to you
Message edited by serval13d on 10-06-2007 at 00:22:33
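Cross-checking the two logs is what a helper would do next: the O2 entries marked "(file missing)" and the ApachInc Run value point at DLLs VundoFix already deleted (dead registry entries), while mxlhbgwm.dll in the O2 list was never touched by VundoFix and is still loaded by Internet Explorer. The script below is an added example, not part of the post or of the HijackThis/VundoFix tools; the sample log text is a constructed subset of the logs posted above, and the triage rules (unnamed BHO, orphan CLSID, oddly named Run value, digits-only executable, system-file lookalike outside C:\WINDOWS) are my own heuristics for flagging lines for manual review, not a detection signature.

```python
"""Cross-check a HijackThis log against a VundoFix removal log (added example).

The rules here are triage heuristics: they surface registry entries a human
should look at, they do not prove an entry is malicious.
"""
import re
from dataclasses import dataclass

# Constructed subset of the VundoFix log from the post.
VUNDOFIX_LOG = r"""
Attempting to delete C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\geede.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ovputnhm.dll
C:\WINDOWS\system32\ovputnhm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqrrqq.dll
C:\WINDOWS\system32\urqrrqq.dll Has been deleted!
"""

# Constructed subset of the HijackThis log from the post.
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Logiciels\Adobe reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {535524B7-4E08-49F9-8673-96991CE26F1B} - C:\WINDOWS\system32\geede.dll (file missing)
O2 - BHO: (no name) - {711980C2-8C7F-4C55-A742-25659CD1C442} - C:\WINDOWS\system32\urqrrqq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\mxlhbgwm.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [j7271832] rundll32 C:\WINDOWS\system32\j7271832.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ovputnhm.dll",realset
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

DELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Has been deleted!$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First drive-letter path ending in .dll/.exe inside a Run command line.
FILE_RE = re.compile(r"[A-Za-z]:\\[^\",]*?\.(?:dll|exe)", re.IGNORECASE)

# Heuristic (assumption): names that only exist as a DLL under C:\WINDOWS on a clean XP box.
SYSTEM_LOOKALIKES = {"user32.exe"}


@dataclass
class Finding:
    key: str          # CLSID for O2 lines, Run value name for O4 lines
    line: str
    reasons: list


def deleted_files(vundofix_log: str) -> set:
    """Paths VundoFix reports as deleted, lower-cased for case-insensitive matching."""
    found = set()
    for line in vundofix_log.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            found.add(m.group("path").lower())
    return found


def analyse(hjt_log: str, vundofix_log: str) -> list:
    """Return one Finding per HijackThis line that trips at least one heuristic."""
    deleted = deleted_files(vundofix_log)
    findings = []
    for raw in hjt_log.splitlines():
        line, reasons, key = raw.strip(), [], None
        if (m := BHO_RE.match(line)):
            key, path = m.group("clsid"), m.group("path")
            missing = path.endswith("(file missing)")
            path = path.replace("(file missing)", "").strip()
            unnamed = m.group("name") == "(no name)"
            if unnamed:
                reasons.append("BHO has no display name")
            if missing:
                reasons.append("registered DLL is no longer on disk (orphan CLSID)")
            if path.lower() in deleted:
                reasons.append("DLL was deleted by VundoFix; the registry entry remains")
            elif unnamed and "\\system32\\" in path.lower():
                reasons.append("unnamed BHO still loading from system32; VundoFix did not touch it")
        elif (m := RUN_RE.match(line)):
            name, cmd = m.group("name"), m.group("cmd")
            key = name.strip()
            f = FILE_RE.search(cmd)
            path = f.group(0) if f else ""
            base = path.rsplit("\\", 1)[-1].lower()
            if len(name) > 64 or " " in name.strip():
                reasons.append("unusual Run value name (very long or contains spaces)")
            if base[:-4].isdigit():
                reasons.append("digits-only executable name in the Run key")
            if base in SYSTEM_LOOKALIKES and not path.lower().startswith("c:\\windows\\"):
                reasons.append("system-file lookalike outside the Windows directory")
            if path.lower() in deleted:
                reasons.append("Run target was deleted by VundoFix; the registry value remains")
        if reasons:
            findings.append(Finding(key, line, reasons))
    return findings


if __name__ == "__main__":
    for fnd in analyse(HJT_LOG, VUNDOFIX_LOG):
        print(fnd.key)
        for r in fnd.reasons:
            print("   -", r)
```

On the sample above the script flags the two orphan BHO CLSIDs, the still-loaded mxlhbgwm.dll, the "pirated Software" and 258-character Run values, and ApachInc; it does not flag the j7271832 rundll32 entry, which none of these rules cover, so the output is a review list rather than a verdict. The unnamed-BHO rule would also flag Spybot's SDHelper.dll in the full log, which is legitimate: anything it raises still needs a human to check the file and its publisher before the entry is fixed in HijackThis.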